Behavioral task
behavioral1
Sample
101356-355-0x0000000000530000-0x0000000000558000-memory.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
101356-355-0x0000000000530000-0x0000000000558000-memory.exe
Resource
win10v2004-20220812-en
General
-
Target
101356-355-0x0000000000530000-0x0000000000558000-memory.dmp
-
Size
160KB
-
MD5
7491fb5e2c5d14df8466149683534edf
-
SHA1
95b4935dcf0ab5e1764fc2144284aff84c93f58d
-
SHA256
bd498a83fbd4cd669b05310d2c594f6afd187b8591acdfae5839fbf543781680
-
SHA512
a4972001feab0c38e906bd71bbba24587b258e4775dd763fba699d412eda0e54fb156e6df0f662f7d94b851d83d9857ecb06f1e5fb8e660ffce37df6f964f5e9
-
SSDEEP
3072:8YO/ZMTFXHGJtjQ0lYpxN6VBDFvydPShhSSB6W:8YMZMBXHGJmWYpxNkQ9Sho
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @me_golds)
77.73.134.27:7161
-
auth_value
e136da06c7c0400f4091dab1787720ea
Signatures
-
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
101356-355-0x0000000000530000-0x0000000000558000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ